LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What components are stored in an RSA private key file, and why are there so many beyond just d?

A full RSA private key holds n, e, d, the two primes p, q, and the precomputed Chinese-Remainder-Theorem (CRT) values dp, dq, qinv — the extras make decryption ~4× faster.

Components from openssl rsa -text -in private.pem:

Field Symbol Purpose
modulus n = p·q Used in both encrypt and decrypt
publicExponent e Usually 65537 (= 2¹⁶+1); small + odd for fast encryption
privateExponent d d ≡ e⁻¹ mod φ(n) — the secret
prime1, prime2 p, q The factors; with these, an attacker has everything
exponent1 dp = d mod (p−1) For CRT-based decryption
exponent2 dq = d mod (q−1) Same
coefficient qinv = q⁻¹ mod p Same

Why CRT-based decryption is faster: Direct computation of m = c^d mod n involves modular exponentiation with very large numbers. Using CRT, you split into two smaller computations modulo p and modulo q (each half the bit size), then recombine — roughly 4× faster because each modular operation is much cheaper.

Why the components are dangerous to leak:

  • d by itself = full decryption capability.
  • p or q by itself = compute the other (p = n/q), then everything else falls.
  • Side-channel attacks specifically target CRT decryption: a single fault during the CRT computation can leak p and q instantly (Bellcore attack, 1996).

Tip: A .pem file marked BEGIN RSA PRIVATE KEY contains all of the above in DER-encoded form. Never paste it into a chat, never check it into git, never let it be world-readable on disk. Treat it like the master key to your house.

From Quiz: ISF / Asymmetric Cryptography | Updated: Jul 14, 2026